1071712 - promethease.com drops the connection if "AB'CDEFG5" is used as the filename

Status: UNCONFIRMED

(Core :: Networking, defect, P3)

Description

[cariaso]

Attachment: AB'CDEFG5.csv

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.122 Safari/537.36

Steps to reproduce:

visit https://promethease.com
upload the attached file named AB'CDEFG5.csv
upload begins



Actual results:

progress bar will go red and report a CORS failure


Expected results:

upload complete.

Rename the file to remove the single quote. Reupload the file. Everything works fine.

Comment 1

[Boris Zbarsky [:bzbarsky]]

Thank you for the bug report!

What's happening as far as I can see is this:

1)  We send the OPTIONS preflight.
2)  The server responds allowing the upload.
3)  We send the HTTP PUT with the data.
4)  The server drops the connection on us (closes the socket, in particular), which we
    treat as a CORS failure (because CORS says that network errors should be considered
    failures and should not expose information to the caller).

The real issue here is that the server is dropping the connection.  Why is it doing that, exactly?  It's hard to tell, given the SSL business how what we're sending differs from what Chrome is sending, assuming it does....

Comment 2

[Boris Zbarsky [:bzbarsky]]

Note that it's something particular to the single quote character.  Using "'.csv" as the filename triggers the same failure.

Comment 3

[Firefox Bug Husbandry Bot]

Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258

Comment 4

[Firefox Bug Husbandry Bot]

Bulk change to priority: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258

Comment 5

[123 Movies]

https://123moviesfd.ga is an free Movies and TV Shows streaming platform like FMovies, 123Movies, GoMovies and GoStream. Here you can watch online movies completely free. After the suspension of FMovies and 123Movies its the only best platform available on internet to play online movies.